FreeBSD : heimdal -- bypass of capath policy (40a8d798-4615-11e7-8080-a4badb2f4699)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Viktor Dukhovni reports :

Commit f469fc6 (2010-10-02) inadvertently caused the previous hop
realm to not be added to the transit path of issued tickets. This may,
in some cases, enable bypass of capath policy in Heimdal versions 1.5
through 7.2. Note, this may break sites that rely on the bug. With the
bug, some incomplete [capaths] worked that should not have. These may
now break authentication in some cross-realm configurations.
(CVE-2017-6594)

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219657
http://www.nessus.org/u?e3428362

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100565
